40% OFF EVERYTHING
WordPress 20th BIRTHDAY SALE
Buy Now

Adding a SSL Certificate to your website

via cPanel

There are many good reasons to add a SSL to your site, we won’t go into detail here but to name a few:

  1. Google now gives a SEO boost to sites with SSL
  2. Your users are more protected!
  3. Some browsers (Chrome) now require SSL for geo-location to work

This tutorial will walk you through everything from buying a SSL certificate to installing it on your cpanel hosting.

Buying the SSL

There are many places to buy a SSL and even some that will give you one for free (with a little work). SSL certificates for most purposes are the same, if you are reading this then i guess your knowledge about them is limited so in simple terms you have 2 main types #1 expensive Organsiation/Extended SSL’s that take a few days to get but usually give you the full green bar or company name in the URL bar and then there are #2 less expensive “Domain Validation” certificates that take only a few minutes to get and give you the green padlock in the URL bar, this 2nd option is the one we will be using in this tutorial.

Domain Validation SSL certificates are mostly all the same, a $100 one will do the same job as a $5 one, the only thing that can go wrong is that the company issuing the certificate can have their master trust certificate revoked which could invalidate your SSL, this is very rare but is something to think about. My general rule when buying a SSL is find the cheapest from a company you have heard of. In our case i did a little searching and found one on NameCheap.com for £6.20/$9 per year. I did find cheaper but i had not heard of the companies before so i decided to go with NamesCheap who i have used in the past for domains.

Installing the SSL

This is the complicated part but if you have cpanel hosting like we are using for this tutorial then it makes it a bit simpler.

Installing the SSL – Step 1 : Certificate Signing Requests (CSR)

A CSR is needed to sign your SSL certificate before it can be generated, this gives the certificate your information for your use.
Log into your cpanel hosting account and look for SSL/TLS:
ssl
In that page click the link to generate a CSR:
gen-csr
Fill out the required information as requested, be sure when entering your domains you add one beginning www. at the beginning other wise domain with www in them will not be validated, if you use any other sub-domains they should also be entered here. You can buy wildcard (*.) SSL’s but they are more expensive:

csr-info
If everything goes well you will see a success message and your CSR details below it, well done:
csr-generated

Installing the SSL – Step 2 : Activate/Generate SSL

In your NamesCheap.com dashboard under your SSL certificates you will need to activate your new certificate:
activate-ssl
Enter your Encoded CSR you created earlier and fill out the form and click submit:
gen-ssl

You will then need to confirm you own the domain through Domain Control Validation (DCV), this can be done 3 ways:
dcv
The easiest way is email validation, select it and then enter your contact info and Submit.
You will then receive and email with a code which you then click the link and enter the code to validate.

Your certificate will usually be emailed within 5 minutes but it can take up to 40 minutes for it to show in your NamesCheap.com account (for syncing reasons)

Installing the SSL – Step 3 : Install your SSL Certificate

You will have been emailed your SSL certificate as a zip and also as a text format and you can also download it from your NamesCheap dashboard.

Go back to your cpanel SSL/TLS and select “Manage SSL sites”:
install-ssl
Paste in your SSL certificate text (CRT) file text and then click “Autofill by certificate”:
crt
Then click “Install Certificate” and if all goes well you will see the success and be finished:
ssl-success

You should now go into any WordPress installations and change the URLs to https
wp-ssl

Sometimes you will have hard coded urls in your database, there is a handy plugin called Better Search Replace You can use this plugin to search for your url (http://your-url.com) and replace with the SSL version (https://your-url.com)

Another useful plugin can be WP Force SSL which will force all urls to HTTPS and tell google to use those.

Published by Stiofan O'Connor

Stiofan O'Connor is the co-founder and CEO of AyeCode LTD. With his business partner Paolo, they are the makers of the GeoDirectory, UsersWP and Invoicing plugins for WordPress. He is a Full Stack developer specialized in WordPress development. Stiofan started building websites as a hobby in the early 2000s with PHP at first. He then moved to the CodeIgniter Web Framework for a while before discovering WordPress and ever since he never looked back. Today his WordPress themes and plugins are used with success by +100.000 active websites.